The first attempts by cyber attackers to capitalise on the Meltdown and Spectre vulnerabilities appear to be fake security updates that claim to fix the flaws.

Researchers at security firm Malwarebytes have discovered a German-language website that appears to be government-backed and to offer help on Meltdown and Spectre, but which actually links to malware.


“While it appears to come from the German Federal Office for Information Security (BSI), this SSL-enabled phishing site is not affiliated with any legitimate or official government entity,” Jérôme Segura, lead malware intelligence analyst at Malwarebytes, wrote in a blog post.

The fake “sicherheit-informationstechnik.bid” site includes a link to a zip archive that claims to contain a patch for the recently disclosed flaws, which affect most modern computing devices.

But the fake security update – Intel-AMD-SecurityPatch-10-1-v1.exe – is really a piece of malware called Smoke Loader that can retrieve additional payloads.

“Post-infection traffic shows the malicious file attempting to connect to various domains and sending encrypted information,” wrote Segura.

Malwarebytes notified Comodo and Cloudflare about the fake help website, which was taken offline within minutes, according to Segura.

“Online criminals are notorious for taking advantage of publicised events and rapidly exploiting them, typically via phishing campaigns. This particular one is interesting because people were told to apply a patch, which is exactly what the crooks are offering under disguise,” he said.

Segura also cautioned organisations against acting on unsolicited requests from suppliers to take action. “There is a chance that such requests are fake and intended to either scam you or infect your computer,” he said.

According to Segura, there are very few legitimate cases when suppliers will make direct contact to urge organisations to apply updates. In such cases, he said, organisations should always verify information via other online resources first.

Segura also warned that sites using SSL (HTTPS) are not necessarily trustworthy. “The presence of a certificate simply implies that the data that transits between your computer and the site is secure, but that has nothing to do with the intentions or content offered, which could be a total scam,” he said.
